• Keylogger Phishing Malspam


    Fake DHL email delivers an unknown keylogger coupled with a phishing scam

    By Derek Knight | September 8, 2019

    I was extremely surprised to wake up this Sunday morning to a whole slew of fake DHL delivery notice emails with a macro-enabled Word doc attachment that eventually downloads some sort of keylogger.

    There is some dispute as to what the actual keylogger is. Some AV on VirusTotal describe it as an AgentTesla generic, whereas the Anyrun app calls it Sentinel. I don't think either is 100% correct.

    This malware doc downloads from https://heritagebank[.]ga/Quotation.exe (Virustotal) which is behind cloudflare and also is a phishing site for the genuine heritage bank.

    Update 9 September 2017: Another run of exactly the same email, but today they have a .z (zip) file attachment extracting to a .exe.

    All the alleged senders, companies, names of employees, phone numbers, amounts, reference numbers etc. mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t.

    Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware. Also please read our post about word macro malware and how to avoid being infected by them.
